The Status of IT Security Evaluation and Standards in China—A Technical Perspective (U21a)
The booming development of information technology in China calls for effective and efficient security evaluation solutions similar to those used in the Western world. Over the last decade, the Common Criteria (CC), in the form of its Chinese version GB/T 18336, has found widespread use in the evaluation of IT products in China, including IC chips, smart cards, and fundamental network devices. Some relevant standards and methodologies have been specialized to evaluate the security of widely used payment systems and applications. This presentation will focus on the evaluation status of the above technical areas, specifically: the evolution of GB/T 18336 alongside the development of CC; the referenced technical standards and/or methodologies, and their relationship with CC; the current application status of the standards; and the typical evaluation process and method for each individual technical area. In addition, a case study of a P2PE (point-to-point encryption) solution used for payment systems will be given to discuss the security requirements and assessment for a P2PE solution. From a technical point of view, this presentation will give an overall picture of the status of IT security evaluation in China.